Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/uAuCKquKWO0zzSYfHBa-XRjUA_o.roa
File:                     uAuCKquKWO0zzSYfHBa-XRjUA_o.roa (raw, json)
Hash identifier:          fDuTbIJ1IA/Zs+dDpgsFFS8whftfbHTDbjW4b6C7wF4=
Subject key identifier:   B8:0B:82:2A:AB:8A:58:ED:33:CD:26:1F:1C:16:BE:5D:18:D4:03:FA
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DED9817228813F75983024174207B
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/uAuCKquKWO0zzSYfHBa-XRjUA_o.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60623
IP address blocks:        213.182.168.0/24 maxlen: 24
                          213.182.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ed:98:17:22:88:13:f7:59:83:02:41:74:20:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b80b822aab8a58ed33cd261f1c16be5d18d403fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c2:4b:b1:2d:13:03:e1:cc:d7:1b:ca:7c:0c:
                    9c:06:5f:db:12:e1:42:43:52:b0:66:0b:f3:61:49:
                    e5:e4:51:15:ec:44:29:9f:c8:b4:52:cf:21:4f:c8:
                    a3:4d:40:1c:15:95:b7:23:07:6e:a3:af:a8:e7:94:
                    de:92:53:b6:cc:17:94:59:df:86:0a:9b:87:f3:71:
                    ed:20:2d:1b:e8:04:2f:d7:0f:6b:ea:ee:17:2f:9f:
                    37:82:18:1c:81:ba:cf:42:bb:b3:97:04:66:d9:aa:
                    bd:c3:52:c9:7c:e1:68:43:f4:40:5c:f2:4b:09:f8:
                    b0:e9:b1:da:9a:6e:0c:b2:d1:90:53:9e:b9:3e:30:
                    a9:c5:07:8d:ba:7a:b5:5b:8f:22:b2:e2:86:45:be:
                    b7:c6:7d:ce:d9:eb:01:3e:be:43:72:5c:37:d7:84:
                    9e:27:67:96:c1:bb:cb:c1:0f:a1:87:c7:67:41:91:
                    aa:8a:9f:d1:b0:7c:a4:78:09:cf:84:e0:36:6e:2f:
                    b2:96:62:06:42:a5:ec:ec:ce:37:f0:03:be:16:75:
                    7c:17:0b:15:50:4b:78:7a:47:c6:a2:6b:1a:ca:56:
                    b5:8c:68:c4:30:9d:42:bd:e6:50:bc:ec:95:c7:9e:
                    76:a5:32:e7:9f:2f:4b:31:45:4e:3d:e2:d5:a0:0c:
                    b1:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:0B:82:2A:AB:8A:58:ED:33:CD:26:1F:1C:16:BE:5D:18:D4:03:FA
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/uAuCKquKWO0zzSYfHBa-XRjUA_o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.182.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8d:3a:c4:90:9a:a8:f2:a2:0e:c7:e1:d9:10:83:4e:d6:ca:e7:
         03:62:87:4b:96:4e:7c:10:dd:e3:93:3e:8e:1b:eb:c8:ab:8d:
         c6:03:3c:4a:2f:0e:d4:12:4c:13:da:af:8e:d3:ef:48:e9:f7:
         a4:fa:39:2c:58:f1:55:be:a0:82:72:12:18:48:4d:2a:27:3e:
         6b:7f:f4:f1:37:37:b7:2e:b0:dc:8d:1a:08:48:20:37:8a:df:
         2f:51:f7:f2:f8:40:08:f2:2a:27:be:7c:a8:55:07:af:ba:09:
         c5:e9:f1:8c:7a:9c:03:cd:e1:54:aa:62:1c:d1:4b:ea:75:72:
         7d:0c:20:6c:23:57:ab:cb:20:d2:37:c8:93:28:48:80:38:e7:
         bc:ce:bb:bc:e0:62:24:67:f4:0d:85:05:90:cd:8b:b2:a6:11:
         e6:c2:27:22:d4:0b:15:a5:f9:63:18:f0:af:1b:11:34:25:ba:
         08:a6:76:6d:74:54:f6:5a:79:65:7f:6c:d7:95:51:3b:05:37:
         40:8c:69:61:a7:cd:53:a8:3b:44:bc:f0:59:c9:45:88:ec:d8:
         dc:9d:9d:7c:39:07:bd:ea:6e:35:44:71:30:eb:8e:52:68:82:
         1f:76:6b:d9:1a:fe:86:71:06:95:a6:bd:8c:0a:a5:5e:5c:ad:
         32:22:99:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbe2YFyKIE/dZgwJBdCB7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODBiODIyYWFiOGE1OGVkMzNjZDI2MWYxYzE2YmU1ZDE4ZDQwM2ZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8JLsS0TA+HM1xvKfAycBl/bEuFC
Q1KwZgvzYUnl5FEV7EQpn8i0Us8hT8ijTUAcFZW3Iwduo6+o55TeklO2zBeUWd+G
CpuH83HtIC0b6AQv1w9r6u4XL583ghgcgbrPQruzlwRm2aq9w1LJfOFoQ/RAXPJL
Cfiw6bHamm4MstGQU565PjCpxQeNunq1W48isuKGRb63xn3O2esBPr5Dclw314Se
J2eWwbvLwQ+hh8dnQZGqip/RsHykeAnPhOA2bi+ylmIGQqXs7M438AO+FnV8FwsV
UEt4ekfGomsayla1jGjEMJ1CveZQvOyVx552pTLnny9LMUVOPeLVoAyxTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLgLgiqriljtM80mHxwWvl0Y1AP6MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvdUF1Q0txdUtXTzB6elNZZkhCYS1YUmpVQV9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1baoMA0G
CSqGSIb3DQEBCwUAA4IBAQCNOsSQmqjyog7H4dkQg07WyucDYodLlk58EN3jkz6O
G+vIq43GAzxKLw7UEkwT2q+O0+9I6fek+jksWPFVvqCCchIYSE0qJz5rf/TxNze3
LrDcjRoISCA3it8vUffy+EAI8ionvnyoVQevugnF6fGMepwDzeFUqmIc0UvqdXJ9
DCBsI1eryyDSN8iTKEiAOOe8zru84GIkZ/QNhQWQzYuyphHmwici1AsVpfljGPCv
GxE0JboIpnZtdFT2Wnllf2zXlVE7BTdAjGlhp81TqDtEvPBZyUWI7NjcnZ18OQe9
6m41RHEw645SaIIfdmvZGv6GcQaVpr2MCqVeXK0yIpk4
-----END CERTIFICATE-----